Dun & Bradstreet

Dun & Bradstreet, also known as D&B, operates as a major provider of commercial data and analytics for businesses. Its core services revolve around maintaining extensive databases of business contact information and corporate details, which are primarily utilized for marketing, sales prospecting, and risk assessment purposes. The company aggregates information such as employee names, job titles, phone numbers, office locations, and industry classifications, creating a resource that supports business-to-business activities globally. This data aggregation positions D&B as a significant entity within the business information services sector, where its offerings help other companies identify potential clients and evaluate commercial partnerships. The firm's operations involve collecting and licensing this information, though the 2017 incident revealed that its databases can contain sensitive personal details beyond what might be considered strictly public. D&B has asserted that its data practices aim to comply with relevant privacy regulations, though it acknowledged the occasional unintentional collection of more sensitive information. The nature of its business inherently involves managing large volumes of personal data, making data security and privacy controls critical aspects of its operational responsibilities. Its clientele likely includes corporations across various industries seeking reliable business intelligence to inform their commercial strategies and due diligence processes.

The scale of D&B's data holdings was starkly illustrated by a 2017 incident where a commercial database containing nearly 33.7 million unique email addresses was leaked, alongside associated personal and corporate information. This breach exposed a vast repository of data used for marketing, highlighting the company's immense footprint in the business information market. Analysis of the leaked records indicated that 14% of the exposed email addresses had previously appeared in other known data breaches, suggesting the data's circulation and potential for compounded risk. Security experts emphasized the irreversible exposure risks for affected individuals, noting that such information could facilitate targeted phishing attacks and other malicious activities. The company's response maintained that the data largely consisted of publicly available business contact information, a stance that drew scrutiny regarding the classification and protection of such datasets. This event underscored the broader challenges in the data brokerage industry concerning individual privacy and the control of personal information once it is aggregated and sold. The incident serves as a key reference point for understanding the volume of data D&B manages and the potential consequences of security failures within its systems. It also reflects the tension between commercial data utility and the privacy expectations of the individuals whose information is included in these massive business databases.